Over four million account details stolen in massive cyber attack on Talk Talk

The banking details of over four million consumers may have been stolen following a sustained cyber attack on the Website of mobile operator Talk Talk.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Talk Talk says a criminal investigation has been launched by the Metropolitan Police Cyber Crime Unit following "a significant and sustained" cyberattack on its website on Wednesday 21 October.

The criminals made off with a host of valuable data including names, addresses, dates of birth, e-mail accounts, telephone numbers and Talk Talk account information, alongside credit card details and/or bank details.

It appears that Talk Talk IT staff were distracted by a Distributed Denial of Service (DDoS) assault which brought the company's website crashing down, leaving the criminals free to plunder customer records during the confusion.

Cyber security experts say a Russian Islamist group has claimed responsibility for the attacks, posting data online which appeared to be TalkTalk customers' private information.

In a statement, the Met Police says: "We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing."

The breach is the third major cybersecurity incident to hit the firm in a year, following the theft of thousands of customers' details by a third-party contractor and the recent attack on Carphone Warehouse in which 480,000 Talk Talk customer records were lifted. Shares in the vendor have slipped by more than seven percent in morning trading following the latest hit on its reputation.

In a message to customers, Tristia Harrison, Talk Talk MD says: "Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent. We understand this will be concerning and frustrating, and we want to reassure you that we are continuing to take every action possible to keep your information safe."

The company says it has been in contact with major banks and alerted them to monitor suspicious activity on customer accounts.

Update: The BBC is reporting that Talk Talk has been contacted by the perpetrators of the fraud demanding a ransom in return for the hacked data and a moratorium on future DDoS attacks.

Comments: (2)

Keith Appleyard IT Consultant at available for hire

I have a business account with TalkTalkBusiness.net: contrary to statements by TalkTalk, as of 4pm on Friday we still hadn't received any form of notification from TalkTalk as to whether we have/haven't been impacted.

Alan Laird Management Consultant Card Schemes at ADL Card Systems

Why do TalkTalk need all this information? It's just so that they can "pull" funds from their customers. Why not work on a process based on the customer "pushing" funds to them?
